The New ZLoader Variant Targets Banking Customers
SentinelLabs reported a campaign delivering the ZLoader banking trojan via fake Google advertisements for various software, including Discord, Zoom, TeamViewer, and Java plugins. The campaign uses Living-off-the-Land Binaries and Scripts (LOLBAS) to avoid detection. It shows that ZLoader operators are also attempting to move away from traditional attack methods and are experimenting with new attack chains to target their victims.